Probably the biggest prejudice when it comes to IPv6 is: “I don’t like those long addresses – they are hard to remember.” While this seems to be obvious due to the length and hexadecimal presentation of v6 addresses, it is NOT true. In the end, you’ll love IPv6 addresses in your own networks. This is why – summed up in one poster:
Did I miss something? Please write a comment below!
10 thoughts on “I Love IPv6 Addressing!”
And separate DNS views for each side of NAT ugh
Oh yeah, you’re correct. Thanks, man. I added it to the poster. ;)
Yes, IPv6 /126 or /127 for P2P links and /128 for loopbacks.
There is also a security consideration related to using IPv6 /64 everywhere.
I hate IPv6. Publishing information from the internal network is not really a good idea. I like split DNS and private address ranges.
Can you name me a single network attack that was unsuccessful due to the usage of private IPv6 addresses? ;D
At least for different DNS views you are right: I won’t publish internal hostnames to the public either.
Security through obscurity? 🤦🏼‍♂️
What’s it matter if you’ve got your whole network using private addresses behind 1 public IP and NAT gateway (where you drop incoming packets because the gateway won’t know where to send them)?
Or all your publicly addressable devices behind a proper firewall (which drops incoming packets because you told it to).
NAT solves IP shortage. I work for a government that has too many IPs. We use firewalls ;)
But it’s true that many inexperienced people will add an ip6 tunnel and forget it’s not NAT and the new rules they will need.
The poster implies that you would use the global IPv6 space for internal VPN stuff as well, is that right?
I got the impression that with IPv6 you could have a global and a ULA address on the same interface, use the ULA for internal traffic and VPN clients/site-to-site and the global address for everything else, and still avoid NAT?
There does not seem to be a clear recommendation on which way to go, or did I miss something here? At least your poster suggests not using ULAs for internal servers/VPN and just going with one global IPv6 address space?
Hey zer0flash. Yes, I highly recommend avoiding ULAs altogether. (There are only very few exceptions to this.) You SHOULD use GUAs wherever possible. There is no drawback to it. But keep in mind that you should use your own, read: provider independent (PI), space in case you’re an enterprise. You don’t want to renumber your whole infrastructure in case you’re switching your ISP.
Also note that when you’re using ULAs *and* GUAs, you will run into problems with source address selection. ULAs are less preferred than GUAs. Since the source host system has to select one out of many IPv6 addresses, you have to deal with it. You won’t love it. :)
The neverending story…
And the arguments on both sides…
I’m glad you are happy with the 100% IPv6. Nice job, well done!
Keep up the good work. Who knows, some time – when we are really old – legacy IP will be gone…